BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

Amazon.comOrder books and more at Amazon.com

Win 2K Secrets
Order Windows 2000 Secrets from Amazon.com

 

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

bugblog

  Rather than chopping the BugBlog up into weekly archives, I'm going to try monthly archives instead. So all the June bugs will remain on this page, and I'll slowly go back and combine the past blog pages into monthly entries as well.
The BugBlog is free- but if you want to help support its existence, feel free to make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.
6/30 Microsoft has released Windows 2000 Service Pack 4. Here are a number of items of interest about the new service pack:

Microsoft has the complete list of fixes included in Windows 2000 Service Pack 4 listed at http://support.microsoft.com/?kbid=327194. Since the service packs are cumulative, SP4 includes the fixes from all the previous Windows 2000 Service Packs. That page has links back to the fix list for those, too.
How much space do you need to install Windows 2000 Service Pack 4. It depends on two things: if you are using a backup folder, and if you are installing from a distribution folder from a network or from the CD or web. Using a backup folder will add 175 MB to your space requirements. That might seem rather large, and you may be tempted to skip that step. But that means you won't be able to uninstall SP4, and considering Microsoft's track record of including bugs and incompatibilities in a Service Pack, you probably want that safeguard. If so, you will need 340 MB when installing from a CD or web, and 280 MB from a network.

Windows 2000 Service Pack 4 drops the Windows Media Tools (WMT) 4.1 package. If WMT is already installed, SP4 won't uninstall them, however. The reason for this appears to be licensing issues with the Microsoft MPEG-4 Video codec.
If you got some Windows 2000 pre-Service Pack 4 hotfixes directly from Microsoft Product Support Services, they might cause a conflict with Windows 2000 Service Pack 4. According to Microsoft, this is not an issue with fixes that come from either Windows Update or the Windows Download Center. You will know about the conflict during the SP4 installation, when installation will temporarily halt and an error message will tell you about the conflict. Microsoft says you can continue SP4 installation, and then get an updated fix afterwards. These are the hot-fixes which may trigger the message: 811525; 812419; 813130; 814120; 815767; 816542; 816560; 816627; 816813; 816989; 817354; 817416; 817700; 818173; 818396; 818528; 818704; 818825; 818826; 819019; 819636; 819653; 819876; 820325; 820326; 820550; 820765; 820841; 821102; 821290; 821471; 822563. For more information on this issue, see http://support.microsoft.com/?kbid=822384.
There is a compatibility problem between Windows 2000 Service Pack 4 and the Cisco Aironet wireless network adapter. If you install the Cisco Aironet Client utility with the PEAP option onto a Windows 2000 SP4 computer, you won't see PEAP on the Authentication tab, and all the dialog boxes will be different and wrong. Microsoft says you will need to go to Cisco to get the latest Aironet Client utility.
There are compatibility problems between Windows 2000 Service Pack 4 and Microsoft's own .NET Framework 1.0. Try to run one of the .NET Framework-based program or Visual Studio .NET programs, you may see one of many different error messages. As a fix, go to http://msdn.microsoft.com/netframework/downloads/howtoget.aspx and find out how to get .NET 1.1.
There are compatibility problems between Windows 2000 Service Pack 4 and Symantec Norton Internet Security 2001 or Norton Personal Firewall 2001. Try to load a web page with Internet Explorer, and you will get a time out error. Also, incoming call notification in Windows NetMeeting may be delayed by a few minutes. Microsoft says you will need to update the Symantec products.
Windows 2000 Service Pack 4 brings some new features. One is called "Impersonate a client after authentication" and the other is "Create global objects". Since they are new, existing programs may not interact well with these features. Microsoft has some tips and troubleshooting techniques at http://support.microsoft.com/?kbid=821546.
There may be some version mis-match problems if you install the Microsoft Security Update from bulletin MS03-011 onto a Windows 2000 Service Pack 4 computer that also has the Microsoft VM on it. The error message will say that the SP version is newer than the update. You will have to get the newest version of this security update, which is called the 816093 security update, from the Windows Update Catalog. For more details, see http://support.microsoft.com/?kbid=820101.
There are more W2K SP4 items on 7/1 and 7/11
6/25 There is a bug in Windows Media Player 9 that may let outsiders in and rummage around in your media library, and possibly delete or modify files (Aha! A backdoor for the record companies!). For the outsider to gain access, you would need to be enticed to a maliciously-designed website and click a link. An update to this is available via Windows Update, and is also available here. Microsoft credits Jelmer for finding this bug.
System adminimstrators who run Windows Media Services on a Windows 2000 server have some patching to do. A bug in the ISAPI Extension may let an intruder in to run their own code on the server. A fix for this can be downloaded here. Microsoft credits Brett Moore for finding this bug.
6/24 Apple says that Final Cut Express and Final Cut Pro 4 are compatible with iMovie 3 projects. However, they are not compatible with iMovie 3.0.3 projects, which won't open. Instead, you will see this error message:
Unable to open iMovie project. Final Cut Pro (or Express) requires iMovie 3.0 project files.
Apple may be working on a fix for this.
Make sure the installation path for Sun Microsystems Sun ONE Directory Server 5.2 is less than 54 characters. If it is more, the Administration Server won't start.
Sun Microsystems Sun ONE Directory Server 5.2 includes a number of fixes for security bugs. They include: a fix so that the Access Control plug-in could handle the correct level of nesting; semicolons in ACI permissions will no longer crash the server; a fix in verifying the SSL peer hostname; a fix so that illegal SNMP PDU won't cause the Master agent to fail; and more. The full list of security fixes is at http://docs.sun.com/source/816-6703-10/index.html.
Once you upgrade from Windows 98 or Windows ME to Windows XP Home, you may lose compatibility with older versions of Microsoft ActiveSync, which means you won't be able to synchronize data on your PDA. You will need to upgrade to ActiveSync 3.5 or higher, which you can do at http://www.microsoft.com/mobile/pocketpc/downloads/activesync35.asp.
If you try to run Windows XP Home along with the Delfin Project Media Viewer, you may get this error when you start your computer:
Unhandled Exception c0000005 at address: 100016b8
PromulGate Universal has encountered a problem and needs to close.

According to Microsoft, you will need to uninstall the Delfin Media Viewer, following the Delfin procedures. After that, you need to do a Registry edit. For full details on that, including important safeguards when editing the Registry, see http://support.microsoft.com/?kbid=811270.
6/23 Back from vacation -- Earthlink's POP at Hilton Head was worthless, but if you need a connection in Hilton Head check out the Internet Cafe at Coligny Plaza. And there's a nice juicy Adobe bug waiting for me on return.

Adobe has issued an update in their Adobe Reader for Linux/Unix, that closes up a serious security hole. A bug, discovered by Martyn Gilmore may let a bad guy put in a link in a PDF file that will trigger shell commands that could run all kinds of nasty code. Get the new version 5.07 at http://www.adobe.com/products/acrobat/readstep2.html. Note that the Windows and Mac version of the Adobe Reader are not affected.
Red Hat has an update for the Xpdf package, which is a reader for Adobe Acrobat PDF files that runs on X Windows systems. This fixes a security flaw that may allow a link in a PDF document to run their own code. The update is at https://rhn.redhat.com/errata/RHSA-2003-196.html, and is for Red Hat Linux 7,x, 8.0, and 9.
Novell has an updated DPLMW32.DLL for the Novell Client 4.83. It fixes two bugs that may cause errors during printer driver downloads, that may trigger either of these error messages:
Error: Driver unsuitable for installation during printer driver download
or
Error: Insufficient rights for installation during printer driver download.
You can get this as part of the Novell Client 4.83 Post Support Pack 2 Update at http://support.novell.com/servlet/tidfinder/2965619.
Novell has a new version of NWWS2NDS.DLL for the Novell Client 4.83. This fixes a problem that has arisen after Support Pack 2 where workstations try to resolve invalid URLs. This sends too much traffic to the server, which spikes server utilization rates. You can get this as part of the Novell Client 4.83 Post Support Pack 2 Update at http://support.novell.com/servlet/tidfinder/2965619.
If you want to use Apple's AirPort and Internet Sharing to share an Internet connection with regular wired Ethernet connections, note that it won't work if AirPort isn't given the highest port priority in the port configuration list. To see how to set priorities, go to http://docs.info.apple.com/article.html?artnum=107594.
6/15 Not much posting this week -- I'm down in Hilton Head at the end of a really poor dial-up connection. Not much time to look for software bugs, but the six-legged variety of bugs down here are so big, you almost want to give them names and adopt them as pets.
6/10 If you have a Windows 2000 Professional/Server/Advanced Server in hibernation, it may lock up with this error message when you try to wake it:
Stop 0xC2 error in ACPI.SYS
Microsoft has a fix for this, which will be in a future service pack. If you keep getting this error, you may not want to wait for the fix. Instead, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 818323. Note that you may get charged for this call.
Microsoft has found some neurotic mouse behavior in all versions of Windows 2000, under all versions of its service packs (SP1 through 4). If you hold down the right SHIFT key and then let go of the left mouse button, the mouse pointer behaves as though the left mouse button is still down. To get back to normal, let up on the shift button and then click the mouse button. Microsoft doesn't have a permanent fix.
If you are running Apple QuickTime on a Macintosh, and you want to upgrade to QuickTime 6.3, you may find that it doesn’t show up in the Update window. Try to use the standalone installer, and you will see an error message with an important clue:
This disk is dimmed because the system version is not at least 10.2.3
This version of QuickTime is incompatible with versions of Mac OS X earlier than 10.2.3. So you need to upgrade the OS first, and then QuickTime. You can get the update at http://www.apple.com/swupdates/.
The upgraded Apple QuickTime 6.3 for both Macintosh and Windows mostly provides greater compatibility with various multimedia standards, as opposed to being mostly bug fixes. It is compatible with 3GPP, which is the standard for multimedia on wireless devices. It also extends compatibility with .amr and .sdv files, if you also use the free 3GPP component. You can also now use it with Kodak DCS Photo Desk JPG files.

6/9 If you install Microsoft Office XP Service Pack 2, you may introduce a bug that hinders FrontPage 2002 or the FrontPage Server Extensions. If you try to open a FrontPage Web that is on the root or a drive or mapped drive, you may see this error message:
Server error: There is no web named "DriveLetter"
Microsoft has a fix, which will be in a future service pack. If you can't wait for your fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 818050. Note that you might get charged for this call.
Novell has an updated TCP for NetWare 5.1. The new version 5.81p includes all the fixes to the TCP stack since Novell released Support Pack 4. These include these new bug fixes for: extra transmissions; abends in TCPReassembleSegment; support for Multicast & Broadcast address in UDP Bind; problems with UDP framents. Get the update for NetWare 6 at http://support.novell.com/servlet/tidfinder/2965147.
Novell has an updated TCP for NetWare 6. The new version 6.05p includes all the fixes to the TCP stack since Novell released Support Pack 1. These include these new bug fixes for: extra transmissions; abends in TCPReassembleSegment; support for Multicast & Broadcast address in UDP Bind; problems with UDP framents. Get the update for NetWare 6 at http://support.novell.com/servlet/tidfinder/2965158.
6/5 If you use Microsoft Outlook 2000, 2002 or Outlook Express 6 for Windows, and you also have Symantec Norton AntiVirus set up for email scanning, it may cause enough of a delay that you will get a time-out error when checking your email. The error message would resemble this:
The operation timed out waiting for a response from the receiving (POP) server 0x8004210a.
Microsoft says you need to turn off the email scanning. If you check Symantec's advice here, they will say that this is OK, as long as you still have Auto Protect turned on in NAV. This will still scan when any email attachments are saved to your hard drive.
If you try to add a file location to the Microsoft Outlook 2002 shortcut bar, and you do it programmatically on a Windows NT 4.0 computer, you may see this error message:
Run time Error: -2147024882 (8007000e)
Out of memory or system resources. Close some windows or programs and try again.

Microsoft has a fix for this, which will be in a future service pack. If you need your fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 814563. Note that they may charge you for this call, and that you need Service Pack 2 installed before adding this fix.
If you use the Select Names dialog in Microsoft Outlook 2002 to select a person to send an email message, it may cause all the custom column widths in the Address Book to revert to their default settings. Microsoft has a fix for this, which will be in a future service pack. If you need your fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 815482. Note that they may charge you for this call, and that you need Service Pack 2 installed before adding this fix.
Microsoft Outlook 2002 may return this message when scheduling an online meeting:
Resource has declined your meeting because it is recurring. You must book each meeting separately with this resource.
This error message may show up even if it is not a recurring meeting, and the conference resource has not been set up to decline recurring meetings. Microsoft has a fix for this, which will be in a future service pack. If you need your fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 817420. Note that they may charge you for this call, and that you need Service Pack 2 installed before adding this fix.
Apple says that if you use the Mac OS X 10.2.4 updater, it will cause Personal Web Sharing to revert to its default settings. Apple says that the updater saves the custom settings in a file called "httpd.conf.applesaved". That means, if you want to switch back to your own settings, you can swap files. The details on how to do that are at http://docs.info.apple.com/article.html?artnum=107580.
Novell has an updated driver for DirXML 1.5a when used with Microsoft Exchange 5.5. This new driver fixes a bug that sometimes caused queries to turn up bad data if an SMTP address was empty. Get the new driver at http://support.novell.com/servlet/tidfinder/2966182 .
6/4 Another critical update for Microsoft Internet Explorer 5.01, 5.5, and 6.0. This is a cumulative update, so it holds all the old fixes plus the two newest ones. The new ones are a buffer overrun and a security flaw in the downloaded file dialog. These two problems may let an attacker run their own code on your machine, via either an email or a hostile web page. You can get the patch at http://www.microsoft.com/windows/ie/downloads/critical/818529/default.asp. Microsoft credits eEye Digital Security for this one.
6/3 If a Rich Text Format (RTF) document was created on a UNIX computer (or some other non-Microsoft OS) and then opened in Microsoft Word 2002, the file may open very slowly, and it may take a long time to scroll the document. Microsoft has a fix for this, which will be in a future service pack. If you need this fix right away, contact Microsoft Technical Support and ask for the hot-fix described in Knowledge Base article 818791. Two warnings: you need Office XP Service Pack 2 installed first, and Microsoft may charge you for this call.
Speed kills, and a lack of speed may kill Microsoft Word 2002. In particular, if your computer has a processor with a speed of 1 Gigahertz or slower, and you insert a TIFF file into a Word doc, then Word may crash. Checking out the error details may show something like:
Winword.exe 10.0.2627.0 Ntdll.dll 5.1.2600.1106 00001d26
Microsoft has a fix for this, which will be in a future service pack. However, if you have a slower computer, and insert a lot of TIFF files, you may want to get this fix earlier. Contact Microsoft Technical Support and ask for the hot-fix described in Knowledge Base article 818636. Two warnings: you need Office XP Service Pack 2 installed first, and Microsoft may charge you for this call.
In Microsoft Word 2002, if you use the percent symbol (%) as part of a filename, this might interfere with Word's AutoRecover file process. If you try to save the AutoRecover file, with the .ASD extension, you may see this error message:
You cannot save while the file is in use by another process. Try saving the file with a new name.
(C:\...\Word\AutoRecovery save of @1!.asd)

After clicking OK, you may loop around and get the error message again. If you want to use the percent sign in the name, then Microsoft says to turn off the AutoRecover option. Do this at the Tools, Options, Save tab.
Adobe Photoshop Album 1.0.1 has been released to fix some of the bugs in the first version. They have fixed the bugs that sometimes triggered ODBC or MSVCRT.DLL errors when you started Photoshop. It also gets rid of the bug that caused this error message
c0000005
when using the context menu. You can get the update at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2117.
6/2 Apple says you need to be careful about using alternative keyboard layouts when using OpenFirmware in Mac OS X. They say the keyboard mapping loads relatively late in the startup process. So if you need the password early, such as to go to Startup Manager, it may not be recognized. Apple says that a workaround is to type in the password as if you were using a QWERTY keyboard.
Red Hat has released a new ghostscript package for Red Hat Linux 7.x, 8.0, and 9. There is a bug in the GNU Ghostscript in versions earlier than 7.07 that may allow attackers to send malicious commands via a Postscript file. You can download the update from https://rhn.redhat.com/errata/RHSA-2003-181.html.
Microsoft points out two things that may cause problems with Windows Update. The first is if you have gone to View, Explorer Bar and turned on Discuss. The second is the program BrowserAid. If either of these are present in Windows 98/ME/2000/XP, the Windows Update scan may continually loop, or else after you select a component for updating, the scan will restart in that new window. The workaround by Microsoft is to determine which of these two conditions is causing it, and then either turn off Discuss or uninstall BrowserAid.
Although we've turned a page on the calendar, we will leave the last couple entries from May on the current page for awhile, since they have some important Security Bulletins from Microsoft.
5/30 If you are running Windows XP with Service Pack 1 on a computer with an Intel CPU that implements hyper-threading technology, you may have compatibility problems with a Hauppauge playback graph. If you start and stop the playback graph many times, you may get a crash in Ks.sys. Microsoft has a fix for this, which will be in a future service pack. If you are a fanatic about starting and stopping those graphs, you may want to contact Microsoft Tech Support to get this fix -- ask for the one described in Knowledge Base article 812035. Note that you may get charged for this call.
For a general hardware and OS compatibility list for Hauppauge WINTV PCI boards, see the FAQ at http://www.hauppauge.com.sg/support/faq_pci.htm.
When using the Microsoft Windows XP Disk Cleanup Tool, the procedure may hang while displaying this message:
Disk Cleanup is calculating how much space you will be able to free on (C:).
This may take a few minutes to complete.

Microsoft has a fix for this that involves deleting the key in the Registry that says to Compress old files. For the full details on this Registry edit, including important safeguards, see http://support.microsoft.com/?kbid=812248. (Note: when the prompt says it may take a few minutes, they aren't kidding. Before going through this Registry edit, see if this step is taking a long time to complete, instead of assuming the computer has locked up. Go have a cup of coffee, or lunch, and then come back and see if the step has completed.)
If you have Laplink's LapLink Gold 11 installed on a Windows 98SE/ME/2000/XP computer it may interfere with the Microsoft DirectX Diagnostic Tool. When you get to the Direct3D test, you may see this error message:
Direct3D test results: Failure at step 8.
Microsoft says to get the latest update for Laplink at http://www.laplink.com/products/llgold/updates/llgold.asp to fix this.
If you are trying to install Final Cut Pro 3 on an Apple Mac OS X computer, you may see one of these error messages, and then installation will abort:
error creating file
error creating folder, acess denied.
Apple has a rather long 25 step troubleshooting procedure to fix this. You can find it at http://docs.info.apple.com/article.html?artnum=93066.
Apache has come out with an upgrade to their web server. Version 2.0.46 includes two security fixes that can prevent denial of service attacks. There are also a number of fixes for SSLC and OpenSSL compatibility. The full list of updates is at http://www.apache.org/dist/httpd/CHANGES_2.0.
5/29 If you found out about the BugBlog at the "Techies, Scribes, & Citizens" meeting in Cleveland, welcome! A new list of Cleveland blogs will appear in the left-hand column sometime this weekend.
Yesterday, we blogged about Microsoft needing to pull an update from their site. Today, we look at two previous Microsoft Security Bulletins that have needed to be revised. Something to think about next time Microsoft talks about mandatory updates for Windows.

Microsoft re-issued Security Bulletin MS03-013 on 5/28/2003. The original bulletin was released on 4/16/2003, and fixed a buffer overrun in the Windows Kernel, which may lead to someone breaking into a server. They needed to re-issue the bulletin because the original fix took a performance toll on Windows XP Service Pack 1 computers. Get the update at http://www.microsoft.com/technet/security/bulletin/ms03-013.asp.
On May 28, Microsoft issued three separate updates for Security Bulletin MS03-007, which affects Windows NT, 2000, and XP running as a server. They originally issued the bulletin on March 17, and updated once on March 18, once on April 23, and twice on April 24. (If at first you don't succeed…) The latest three updates were to include details of the patch for Windows XP; then to give the correct verification keys on Windows NT 4.0 and XP; and then to add a discussion on the effects on Internet Information Server 5.1. If you missed some of the updates, you can get the bulletin at http://www.microsoft.com/technet/security/bulletin/ms03-007.asp.
There is an updated httpd package for Red Hat Linux 8.0 and 9. According to Red Hat, this update for the Apache HTTP Server 2.0 through 2.045 plugs security holes that may let attackers mount a denial of service attack, and may also let them sneak code on to the server and run their own program. Red Hat credits iDefense and John Hughes for finding these bugs. You can find links to the updated packages at https://rhn.redhat.com/errata/RHSA-2003-186.html.

5/28 Microsoft had to pull an update off their Windows Update site - apparently it behaved badly with firewalls and security software and shut off Internet access to many people. Apparently it was the update discussed at http://support.microsoft.com/default.aspx?scid=kb;%20en-us;818043, a L2TP/IPSec NAT-T Update. There is a news story at C Net, and extended discussion at Slash Dot about this.
Update 1 is available for the Sun Microsystems Sun ONE Application Server 7. It includes: a bug fix in server to RMI-IIOP Client communications; a fix for confusing messages in JAR deployment; corrections to online help; errors in key columns, and more.
The latest cumulative patch for Microsoft Internet Information Server 4.0, 5.0 and 5.1 is available online. It takes care of all the previous fixes to IIS, plus it fixes four new problems. These include a cross-site scripting bug, a buffer overflow, and two denial of service attacks. You can find the link for the update to your version of IIS at http://www.microsoft.com/technet/security/bulletin/ms03-018.asp.
Microsoft has issued a security bulletin aimed at system administrators using Windows NT 4.0 and Windows 2000. There is a bug in Windows Media Services ISAPI Extension which may let an attacker mount a denial of service attack. If you are running Windows 2000, you can either get the patch at http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en or wait for Service Pack 4. The fix for Windows NT 4.0 Service Pack 6a is at http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en.